Re: Don't use S-boxes!
From: karl malbrain (karl_m_at_acm.org)
Date: 29 Nov 2004 11:41:30 -0800
BRG <email@example.com> wrote in message news:<firstname.lastname@example.org>...
> email@example.com wrote:
> > BRG wrote:
> >>My published AES code can be configured to use tables from 256 bytes
> >>upwards - that is 256 bytes for encrypt and 256 bytes for decrypt.
> >>256 byte tables are very slow but 1024 byte tables provide good
> >>performance with greater resistance to this sort of timing attack.
> > Do you have the necessary RDTSC instrumentation in place to produce
> > cycles-per-byte figures? On the insistence of Professor Wagner, I
> > recently added these to the REFERENCE IMPLEMENTATION I maintain at
> > www.geocities.com/malbrain/aestable.html
> > Feel free to lift the relevant sections if you need them.
> In short, yes, I produce cycles/byte figures using a standard timing
> harness that uses the RDTSC on the x86.
What STANDARD DEVIATION do you obtain for a few independent calls?
> My timing code is available on my site but, more recently, Christophe
> Devine and I developed the AES timing code that he has made available here:
Yes, I've downloaded and configured your implementation.
karl m
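The measurement discussed in this thread (cycles per byte from RDTSC, with the standard deviation over a few independent calls), as an added example that is not taken from either poster's code. The 256-byte table is a constructed stand-in rather than the AES S-box, and `ticks`, `lookup_pass`, `sqrt_newton`, `mean_sd` and `measure` are hypothetical names; off x86 the block assumes a nanosecond clock instead of cycles.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static uint64_t ticks(void) { return __rdtsc(); }  /* x86 time-stamp counter */
#else
static uint64_t ticks(void) {  /* assumed fallback: nanoseconds, not cycles */
    struct timespec ts; timespec_get(&ts, TIME_UTC);
    return (uint64_t)ts.tv_sec * 1000000000u + (uint64_t)ts.tv_nsec;
}
#endif
static uint8_t table[256];     /* constructed stand-in table, not the AES S-box */
static volatile uint8_t sink;  /* stops the compiler discarding the loop */
static void lookup_pass(const uint8_t *in, size_t len) {  /* hypothetical workload */
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc ^= table[in[i] ^ acc];
    sink = acc;
}
static double sqrt_newton(double v) {  /* Newton iteration, avoids linking libm */
    double r = v > 1.0 ? v : 1.0;
    for (int i = 0; i < 60; i++) r = 0.5 * (r + v / r);
    return v > 0.0 ? r : 0.0;
}
void mean_sd(const double *x, int n, double *mean, double *sd) {  /* sample (n-1) sd */
    double sum = 0.0, sq = 0.0;
    for (int i = 0; i < n; i++) sum += x[i];
    *mean = sum / n;
    for (int i = 0; i < n; i++) sq += (x[i] - *mean) * (x[i] - *mean);
    *sd = n > 1 ? sqrt_newton(sq / (n - 1)) : 0.0;
}
void measure(const uint8_t *in, size_t len, int runs, double *mean, double *sd) {
    double per_byte[64];  /* ticks per byte for each of up to 64 timed calls */
    if (runs > 64) runs = 64;
    lookup_pass(in, len);  /* untimed warm-up so the table is cached */
    for (int r = 0; r < runs; r++) {
        uint64_t t0 = ticks();
        lookup_pass(in, len);
        per_byte[r] = (double)(ticks() - t0) / (double)len;
    }
    mean_sd(per_byte, runs, mean, sd);
}
int main(void) {
    static uint8_t buf[4096];  /* constructed sample input */
    double mean, sd;
    for (int i = 0; i < 4096; i++) { buf[i] = (uint8_t)(i * 31); table[i & 255] = (uint8_t)(i * 167 + 13); }
    measure(buf, sizeof buf, 32, &mean, &sd);
    printf("ticks/byte: mean %.2f, sd %.2f\n", mean, sd);
    return 0;
}
```

RDTSC is not a serializing instruction and the process can be interrupted between readings, so a large standard deviation relative to the mean indicates measurement noise rather than a property of the code under test.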